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DETAILED ACTION 

1 . This action is issued in response to applicant's RCE filed April 25, 2008. 

2. Claims 1-4, 6-24 and 26-56 are presented. No claims added and claims 5, 16-18, 
25, and 36-55 are cancelled. 

3. Claims 1-4, 6-15, 19-24, 26-35, and 56 are pending. 

Continued Examination Under 37 CFR 1.114 

4. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on April 25, 
2008 has been entered. 



Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1-3,6-11,15,22-24,26-31,35, and 56 are rejected under 35 U.S.C. 



103(a) as being unpatentable overValois (US Patent Application No. 
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20040260818) filed June 23, 2003, in view of Delany (US Patent Application No. 
20020156879) filed November 30, 2001. 

Regarding Claims 1 ,22, and 56, Valois discloses a method for controlling 
access to a resource of a device, the method comprising: 

storing, within a device, authorization data that defines: (i) an access 
control attribute ([0058], lines 4-10, Valois) 1 , and (ii) an associated regular 
expression specifying a textual pattern ([0057], lines 4-9, Valois). However, 
Valois is silent with respect to at least one class of clients that access the device 
and the access control attribute is a coarse-grain access control attribute defining 
access control rights for members of the class to a resource provided by the 
device. On the other hand, Delany discloses at least one class of clients that 
access the device ([01 12], Delany) and the access control attribute is a coarse- 
grain access control attribute defining access control rights for members of the 
class to a resource provided by the device ([01 18], Delany). Valois and Delany 
are analogous art because they are from the same field of endeavor of relating to 
a system that provides authorization compliance validation with a security policy. 
It would have been obvious to one of ordinary skill in the art at the time of the 
invention to incorporate Delany's teachings into the Valois system. A skilled 
artisan would have been motivated to combine in order to achieve the level of 
detail at which the data would have been considered. As a result, coarse-grain 
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access provides higher performance through more optimized protocols and the 
data tends to work on contiguous regions at a time. Therefore, the combination of 
Valois in view of Delany, disclose receiving, with the device, a command from a 
client, wherein the command requests access to configuration data for the 
resource of the device ([0159] and [0165], Delany); identifying the class of which 
the client is a member ([0166], Delany); retrieving, from the authorization data, 
the access control attribute and the regular expression for the identified class of 
which the client is a member ([0088], Valois); evaluating the command using the 
retrieved regular expression to determine whether the command matches the 
textual pattern specified by the retrieved regular expression ([0118], lines 19-26, 
Delany); and controlling access to the configuration data by the client based on 
the coarse-grain access control attribute for the identified class of which the client 
is a member and the evaluation of the regular expression for that class ([0159], 
lines 1-10, Delany). 

Regarding Claims 2 and 23, the combination of Valois in view of Delany, 
disclose a method wherein controlling access comprises 

allowing access to the configuration data when the access control attribute 
denies access to the resource ([0067], lines 1-4, Valois) and the textual pattern of 



1 Examiner Notes: Authorization data corresponds to "references" and the definition is an attribute that is 
part of the Access Control List (ACL). 
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the regular expression matches the command ([01 1 7], lines 1 8-20 and [01 1 8], 
lines19-26, Delany). 

Regarding Claims 3 and 24, the combination of Valois in view of Delany, 
disclose a method wherein controlling access comprises 

denying access to the configuration data when the access control attribute 
grants access to the resource ([0067], lines 5-9, Valois) and the textual pattern of 
the regular expression matches the command ([01 1 7], lines 1 8-20 and [01 1 8], 
lines19-26, Delany). 

Regarding Claims 6 and 26, the combination of Valois in view of Delany, 
disclose a method wherein the coarse-grain access control attribute comprises a 
set of permission bits, and each of the permission bits is associated with a 
respective group of the resources ([0161], lines 3-5, Delany). 

Regarding Claims 7 and 27, the combination of Valois in view of Delany, 
disclose a method further comprising receiving the command from the client via a 
command line interface ([0199], lines 2-11, Delany) 2 . 



2 Examiner Notes: Receiving the command from a client corresponds to "a user can request..." and the 
interface corresponds to "GUI". 



Application/Control Number: 10/628,885 Page 6 

Art Unit: 2161 

Regarding Claims 8 and 28, the combination of Valois in view of Delany, 
disclose a method wherein evaluating the command comprises evaluating the 
command in real-time ([0383], lines 9-14, Delany) while the client inputs the 
command via the command line interface ([0199], lines 2-11, Delany). 

Regarding Claims 9 and 29, the combination of Valois in view of Delany, 
disclose a method wherein the configuration data is arranged in the form of a 
multi-level configuration hierarchy having a plurality of objects (Fig. 5, [0142], 
lines 1-2, Delany), and each of the objects represents a portion of the 
configuration data that relates to one or more resources of the device ([0142], 
lines 2-5, Delany). 

Regarding Claims 10 and 30, the combination of Valois in view of Delany, 
disclose a method wherein the objects have respective textual labels ([0143], 
lines 1-4, Delany) and the regular expression defines the textual pattern to match 
the textual labels ([0057], lines 4-9, Valois) of a set of one or more of the objects 
within the configuration hierarchy (Fig. 5, Delany). 

Regarding Claims 1 1 and 31 , the combination of Valois in view of Delany, 
disclose a method wherein evaluating the command comprises applying the 
regular expression to the command ([0099], lines 1-7, Valois) to determine 
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whether the command specifies any of the objects within the set ([0142], lines 2- 
5, Delany). 

Regarding Claims 1 5 and 35, the combination of Valois in view of Delany, 
disclose a method wherein controlling access comprises controlling access to 
configuration data of a router ([0053], lines 6-10, Valois). 

7. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Valois (US Patent Publication No. 2004/0260818) filed June 23, 2003, as applied to 
claims 1-3,15,22-24, and 35 above, and further in view of Mitra (US Patent No. 
6,973,460) filed November 26, 2002. 

Regarding Claim 4, Valois discloses a method for storing authorization 
data ([0058], lines 4-10, Valois). However, Valois does not explicitly disclose 
storing the authorization data as a class that conforms to a class syntax. On the 
other hand, Mitra discloses storing the authorization data as a class that 
conforms to a class syntax (column 8, lines 7-18, Mitra). It would have been 
obvious to one of ordinary skill in the art at the time of the invention to 
incorporate Mitra's teaching into the Valois system. A skilled artisan would have 
been motivated to combine the two references as suggested by Mitra (column 7, 
lines 48-52), in order for the classes to be annotated such that, at run-time, 
useful information about how the data is organized for each of the various ways 
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of storing the data (i.e. configuration) may be extracted from the annotations. As 
a result, this allows for various services to perform operations in accordance with 
the information. 

8. Claims 12-14,19-21, and 32-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Valois (US Patent Publication No. 2004/0260818) June 23, 2003, 
in view of Delany (US Patent Publication No. 2002/0156879) filed November 30, 
2001, and further in view of Nelson (US Patent No. 6,243,713) filed August 24, 
1998. 

Regarding Claims 12 and 32, the combination of Valois in view of Delany, 
disclose a method further comprising to automatically insert one or more meta- 
characters into the regular expression ([0451-0453], lines 1-7, Delany) based on 
the hierarchical arrangement of the configuration data (Fig. 5, Delany). However, 
Valois in view of Delany, do not explicitly disclose pre-processing the regular 
expression. On the other hand, Nelson discloses pre-processing the regular 
expression (column 10, lines 39-50, Nelson). It would have been obvious to one 
of ordinary skill in the art at the time of the invention to incorporate Nelson's 
teachings into the Valois in view of Delany system. A skilled artisan would have 
been motivated to combine the two references as suggested by Nelson (column 
9, lines 60-65), in order to convert component data into a list of distinctive objects 
that represent the original data of the component, this is understood to perform 
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data reduction. Pre-processing remove any non-essential information that does 
not substantially add to the quality of the system. As a result, pre-processing 
saves the system time and space for capacity. 

Regarding Claims 13 and 33, the combination of Valois in view of Delany 
and further in view of Nelson, discloses a method further comprising: 

pre-processing the regular expression (column 10, lines 39-50, Nelson) so 
that the command is evaluated with the regular expression in real-time ([0383], 
lines 9-14, Delany) as the client enters the command ([01 99], lines 2-1 1 , Delany). 

Regarding Claims 1 4 and 34, the combination of Valois in view of Delany 
and further in view of Nelson, discloses a method wherein evaluating the 
command comprises evaluating the command with the pre-processed regular 
expression each time the client enters a token indicating a textual break within 
the command (column 17, lines 35-40, Nelson). 

Regarding Claim 1 9, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method comprising: 

receiving input defining at least one class of clients that access the device 
([01 12], Delany), wherein the input defines for each class of clients an access 
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control attribute ([0058], lines 4-10, Valois) and an associated regular expression 
that specifies a textual pattern ([0057], lines 4-9, Valois); 

pre-processing the regular expression (column 10, lines 39-50, Nelson) for 
each class of clients to automatically insert one or more meta-characters into the 
regular expression ([0451-0453], lines 1-7, Delany); 

receiving an access request from a client ([0113], Delany); 

identifying the class of which the client is a member ([0166], Delany); 

retrieving the access control attribute and the regular expression for the 
identified class of which the client is a member ([0088], Valois); 

evaluating a command in real-time using the regular expression ([0383], 
lines 9-14, Delany) for the identified class of which the client is a member as the 
client enters the command via a command line interface ([0199], lines 2-11, 
Delany); and 

controlling access to configuration data of a device based on the 
evaluation ([0066], lines 1-9, Valois). 

Regarding Claim 20, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method further comprising storing the 
configuration data in the form of a multi-level configuration hierarchy having a 
plurality of objects (Fig. 5, [0142], lines 1-2, Delany), wherein pre-processing the 
regular expression comprises automatically inserting one or more meta- 



Application/Control Number: 10/628,885 Page 1 1 

Art Unit: 2161 

characters into the regular expression ([0451-0453], lines 1-7, Delany) based on 
the hierarchical arrangement of the configuration data (Fig. 5, Delany). 

Regarding Claim 21 , the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method wherein the regular expression 
defines a textual pattern that identifies one or more of the objects within the 
configuration hierarchy, and evaluating the command comprises: 

applying the regular expression in real-time ([0383], lines 9-14, Delany) to 
determine whether a portion of the command that has been entered by the client 
matches the textual pattern ([0064], lines 1-5,Valois); and 

selectively allowing the client to complete the command based on the 
determination ([0199], lines 2-11, Delany). 

Response to Arguments 

Applicant's arguments with respect to the newly amended claims have been 
considered but are moot in view of the new ground(s) of rejection. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Apu Mofiz can be reached on 571-272-4146080. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 

Patent Application Information Retrieval (PAIR) system. Status information for 

published applications may be obtained from either Private PAIR or Public PAIR. 

Status information for unpublished applications is available through Private PAIR only. 

For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

you have questions on access to the Private PAIR system, contact the Electronic 

Business Center (EBC) at 866-217-9197 (toll-free). 

Chelcie Daye 
Patent Examiner 
Technology Center 2100 
July 17, 2008 
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Supervisory Patent Examiner, Art Unit 2161 



